|
1 /* |
|
2 * Copyright (C) 2000 Harri Porten (porten@kde.org) |
|
3 * Copyright (C) 2006 Jon Shier (jshier@iastate.edu) |
|
4 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved. |
|
5 * Copyright (C) 2006 Alexey Proskuryakov (ap@webkit.org) |
|
6 * |
|
7 * This library is free software; you can redistribute it and/or |
|
8 * modify it under the terms of the GNU Lesser General Public |
|
9 * License as published by the Free Software Foundation; either |
|
10 * version 2 of the License, or (at your option) any later version. |
|
11 * |
|
12 * This library is distributed in the hope that it will be useful, |
|
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
|
15 * Lesser General Public License for more details. |
|
16 * |
|
17 * You should have received a copy of the GNU Lesser General Public |
|
18 * License along with this library; if not, write to the Free Software |
|
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 |
|
20 * USA |
|
21 */ |
|
22 |
|
23 #include "config.h" |
|
24 #include "JSLocationCustom.h" |
|
25 |
|
26 #include "DOMWindow.h" |
|
27 #include "ExceptionCode.h" |
|
28 #include "Frame.h" |
|
29 #include "FrameLoader.h" |
|
30 #include "JSDOMBinding.h" |
|
31 #include "JSDOMWindowCustom.h" |
|
32 #include "KURL.h" |
|
33 #include "Location.h" |
|
34 #include "ScriptController.h" |
|
35 #include <runtime/JSFunction.h> |
|
36 #include <runtime/PrototypeFunction.h> |
|
37 |
|
38 using namespace JSC; |
|
39 |
|
40 namespace WebCore { |
|
41 |
|
// Custom slot getter used for cross-domain reads of Location.replace.
// Every call allocates a new NativeFunctionWrapper in the caller's lexical
// global object, so the value handed out is always the native built-in.
// The second parameter (the slot base) is unused.
static JSValue nonCachingStaticReplaceFunctionGetter(ExecState* exec, JSValue, const Identifier& propertyName)
{
    return new (exec) NativeFunctionWrapper(
        exec,
        exec->lexicalGlobalObject(),
        exec->lexicalGlobalObject()->prototypeFunctionStructure(),
        1, // presumably the function's declared length (replace takes one URL argument)
        propertyName,
        jsLocationPrototypeFunctionReplace);
}
|
46 |
|
// Custom slot getter used for cross-domain reads of Location.reload.
// Every call allocates a new NativeFunctionWrapper in the caller's lexical
// global object, so the value handed out is always the native built-in.
// The second parameter (the slot base) is unused.
static JSValue nonCachingStaticReloadFunctionGetter(ExecState* exec, JSValue, const Identifier& propertyName)
{
    return new (exec) NativeFunctionWrapper(
        exec,
        exec->lexicalGlobalObject(),
        exec->lexicalGlobalObject()->prototypeFunctionStructure(),
        0, // presumably the function's declared length (reload takes no arguments)
        propertyName,
        jsLocationPrototypeFunctionReload);
}
|
51 |
|
// Custom slot getter used for cross-domain reads of Location.assign.
// Every call allocates a new NativeFunctionWrapper in the caller's lexical
// global object, so the value handed out is always the native built-in.
// The second parameter (the slot base) is unused.
static JSValue nonCachingStaticAssignFunctionGetter(ExecState* exec, JSValue, const Identifier& propertyName)
{
    return new (exec) NativeFunctionWrapper(
        exec,
        exec->lexicalGlobalObject(),
        exec->lexicalGlobalObject()->prototypeFunctionStructure(),
        1, // presumably the function's declared length (assign takes one URL argument)
        propertyName,
        jsLocationPrototypeFunctionAssign);
}
|
56 |
|
// Property-read gate for the Location wrapper.
//
// Returns false when the calling frame is allowed access, so the normal lookup
// runs. Returns true (slot already filled in) in every other case:
//   - no frame: the slot is set to undefined;
//   - cross-domain read of replace/reload/assign: the slot is given a
//     non-caching getter that produces the native built-in function;
//   - any other cross-domain read: the access error is reported for the frame
//     and the slot is set to undefined.
bool JSLocation::getOwnPropertySlotDelegate(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
{
    Frame* frame = impl()->frame();
    if (!frame) {
        slot.setUndefined();
        return true;
    }

    // When accessing Location cross-domain, functions are always the native built-in ones.
    // See JSDOMWindow::getOwnPropertySlotDelegate for additional details.

    // Our custom code is only needed to implement the Window cross-domain scheme, so if access is
    // allowed, return false so the normal lookup will take place.
    String message;
    if (allowsAccessFromFrame(exec, frame, message))
        return false;

    // From here on the access is cross-domain. Only the functions listed below are exposed;
    // any addition to this list widens what a foreign origin can reach.
    const HashEntry* entry = JSLocationPrototype::s_info.propHashTable(exec)->entry(exec, propertyName);
    const bool isPrototypeFunction = entry && (entry->attributes() & Function);
    if (isPrototypeFunction) {
        if (entry->function() == jsLocationPrototypeFunctionReplace) {
            slot.setCustom(this, nonCachingStaticReplaceFunctionGetter);
            return true;
        }
        if (entry->function() == jsLocationPrototypeFunctionReload) {
            slot.setCustom(this, nonCachingStaticReloadFunctionGetter);
            return true;
        }
        if (entry->function() == jsLocationPrototypeFunctionAssign) {
            slot.setCustom(this, nonCachingStaticAssignFunctionGetter);
            return true;
        }
    }

    // FIXME: Other implementers of the Window cross-domain scheme (Window, History) allow toString,
    // but for now we have decided not to, partly because it seems silly to return "[Object Location]" in
    // such cases when normally the string form of Location would be the URL.

    // Denied: report the message produced by the access check and answer with undefined.
    printErrorMessageForFrame(frame, message);
    slot.setUndefined();
    return true;
}
|
97 |
|
// Property-descriptor gate for the Location wrapper. Always returns true.
//
//   - no frame: the descriptor is set to undefined;
//   - access denied: returns immediately without touching the descriptor;
//   - access allowed and the name is replace/reload/assign: the descriptor holds
//     a freshly created native function plus the hash-table attributes;
//   - access allowed, any other name: the descriptor is set to undefined.
//
// NOTE(review): the denied path is the only one that returns true without
// writing to `descriptor`, so callers see whatever state they passed in.
// Confirm that a default-constructed PropertyDescriptor is what is intended
// here; an explicit descriptor.setUndefined() would match the other paths.
bool JSLocation::getOwnPropertyDescriptorDelegate(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
{
    Frame* frame = impl()->frame();
    if (!frame) {
        descriptor.setUndefined();
        return true;
    }

    // Throw out all cross-domain access.
    if (!allowsAccessFromFrame(exec, frame))
        return true;

    // Only reached when access is allowed: unlike getOwnPropertySlotDelegate, the three
    // functions below are not exposed to cross-domain callers through this path.
    const HashEntry* entry = JSLocationPrototype::s_info.propHashTable(exec)->entry(exec, propertyName);
    PropertySlot slot;
    const bool isPrototypeFunction = entry && (entry->attributes() & Function);
    if (isPrototypeFunction) {
        if (entry->function() == jsLocationPrototypeFunctionReplace) {
            slot.setCustom(this, nonCachingStaticReplaceFunctionGetter);
            descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
            return true;
        }
        if (entry->function() == jsLocationPrototypeFunctionReload) {
            slot.setCustom(this, nonCachingStaticReloadFunctionGetter);
            descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
            return true;
        }
        if (entry->function() == jsLocationPrototypeFunctionAssign) {
            slot.setCustom(this, nonCachingStaticAssignFunctionGetter);
            descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
            return true;
        }
    }

    // FIXME: Other implementers of the Window cross-domain scheme (Window, History) allow toString,
    // but for now we have decided not to, partly because it seems silly to return "[Object Location]" in
    // such cases when normally the string form of Location would be the URL.

    descriptor.setUndefined();
    return true;
}
|
136 |
|
// Property-write gate for the Location wrapper.
//
// Returns true when the write has been fully handled here (possibly by
// ignoring it) and false when the caller should go on to the regular put:
//   - no frame: ignored;
//   - toString / valueOf: ignored for every caller, so script cannot replace them;
//   - name not in JSLocation's property table: stored on the object only for
//     same-domain callers, ignored otherwise;
//   - name in the table: cross-domain callers may only go through the href
//     putter; every other table property is ignored for them.
bool JSLocation::putDelegate(ExecState* exec, const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
{
    Frame* frame = impl()->frame();
    if (!frame)
        return true;

    if (propertyName == exec->propertyNames().toString)
        return true;
    if (propertyName == exec->propertyNames().valueOf)
        return true;

    const bool sameDomainAccess = allowsAccessFromFrame(exec, frame);

    const HashEntry* entry = JSLocation::s_info.propHashTable(exec)->entry(exec, propertyName);
    if (!entry) {
        // Expando properties are only writable from the same domain.
        if (sameDomainAccess)
            JSObject::put(exec, propertyName, value, slot);
        return true;
    }

    // Cross-domain access to the location is allowed when assigning the whole location,
    // but not when assigning the individual pieces, since that might inadvertently
    // disclose other parts of the original location.
    const bool isHrefPutter = entry->propertyPutter() == setJSLocationHref;
    return !isHrefPutter && !sameDomainAccess;
}
|
163 |
|
// Deletes a property, but only for frames in the same origin; a denied caller
// gets false and the base class is never consulted.
// NOTE(review): impl()->frame() is passed to the access check without a null
// test here, unlike the delegates above; confirm allowsAccessFromFrame accepts
// a null frame.
bool JSLocation::deleteProperty(ExecState* exec, const Identifier& propertyName)
{
    return allowsAccessFromFrame(exec, impl()->frame())
        && Base::deleteProperty(exec, propertyName);
}
|
171 |
|
// Enumerates property names, but only for frames in the same origin; a denied
// caller gets propertyNames back untouched.
// NOTE(review): impl()->frame() is passed to the access check without a null
// test here; confirm allowsAccessFromFrame accepts a null frame.
void JSLocation::getOwnPropertyNames(ExecState* exec, PropertyNameArray& propertyNames, EnumerationMode mode)
{
    if (allowsAccessFromFrame(exec, impl()->frame()))
        Base::getOwnPropertyNames(exec, propertyNames, mode);
}
|
179 |
|
// Installs a getter unless the name is toString or valueOf. Those two are
// silently refused for every caller, matching the write block in putDelegate,
// so script cannot substitute its own string conversion on a Location object.
void JSLocation::defineGetter(ExecState* exec, const Identifier& propertyName, JSObject* getterFunction, unsigned attributes)
{
    const bool isProtectedName = propertyName == exec->propertyNames().toString
        || propertyName == exec->propertyNames().valueOf;
    if (!isProtectedName)
        Base::defineGetter(exec, propertyName, getterFunction, attributes);
}
|
186 |
|
// Schedules a location change on `frame`, with one restriction: a javascript:
// URL is only scheduled when the calling context passes the access check for
// `frame`. Without that check a foreign origin could run script inside the
// target frame simply by navigating it to a javascript: URL.
//
// Nothing is scheduled when no lexical frame can be found for `exec`. The
// referrer sent with the navigation is taken from the lexical (calling) frame,
// not from the frame being navigated.
static void navigateIfAllowed(ExecState* exec, Frame* frame, const KURL& url, bool lockHistory, bool lockBackForwardList)
{
    Frame* lexicalFrame = toLexicalFrame(exec);
    if (!lexicalFrame)
        return;

    // Refuse javascript: URLs from callers that fail the access check.
    if (protocolIsJavaScript(url) && !allowsAccessFromFrame(exec, frame))
        return;

    frame->redirectScheduler()->scheduleLocationChange(
        url.string(),
        lexicalFrame->loader()->outgoingReferrer(),
        lockHistory,
        lockBackForwardList,
        processingUserGesture(exec));
}
|
196 |
|
// Setter for location.href, the one table property that JSLocation::putDelegate
// lets cross-domain callers write. The value is completed into a URL; a null
// result or a failed shouldAllowNavigation() check ends the call silently.
// History is locked unless some page is processing a user gesture.
// NOTE(review): frame is only ASSERTed; if ASSERT compiles out in release
// builds a null frame would be dereferenced below. Confirm callers guarantee it.
void JSLocation::setHref(ExecState* exec, JSValue value)
{
    Frame* frame = impl()->frame();
    ASSERT(frame);

    KURL url = completeURL(exec, ustringToString(value.toString(exec)));
    if (url.isNull() || !shouldAllowNavigation(exec, frame))
        return;

    const bool lockHistory = !frame->script()->anyPageIsProcessingUserGesture();
    navigateIfAllowed(exec, frame, url, lockHistory, false);
}
|
211 |
|
// Setter for location.protocol: replaces the scheme of the frame's current URL
// and navigates to the result. Raises SYNTAX_ERR when KURL rejects the scheme.
// NOTE(review): unlike setHref there is no shouldAllowNavigation() call here;
// cross-domain writes to this property appear to be stopped earlier by
// JSLocation::putDelegate. Confirm no other path reaches this setter. A scheme
// of "javascript" is still subject to the access check in navigateIfAllowed.
void JSLocation::setProtocol(ExecState* exec, JSValue value)
{
    Frame* frame = impl()->frame();
    ASSERT(frame);

    KURL url = frame->loader()->url();
    const bool protocolAccepted = url.setProtocol(ustringToString(value.toString(exec)));
    if (!protocolAccepted) {
        setDOMException(exec, SYNTAX_ERR);
        return;
    }

    const bool lockHistory = !frame->script()->anyPageIsProcessingUserGesture();
    navigateIfAllowed(exec, frame, url, lockHistory, false);
}
|
225 |
|
// Setter for location.host: replaces host and port of the frame's current URL
// and navigates to the result.
// NOTE(review): no shouldAllowNavigation() call here; cross-domain writes to
// this property appear to be stopped earlier by JSLocation::putDelegate.
// Confirm no other path reaches this setter.
void JSLocation::setHost(ExecState* exec, JSValue value)
{
    Frame* frame = impl()->frame();
    ASSERT(frame);

    KURL url = frame->loader()->url();
    url.setHostAndPort(ustringToString(value.toString(exec)));

    const bool lockHistory = !frame->script()->anyPageIsProcessingUserGesture();
    navigateIfAllowed(exec, frame, url, lockHistory, false);
}
|
236 |
|
// Setter for location.hostname: replaces only the host of the frame's current
// URL and navigates to the result.
// NOTE(review): no shouldAllowNavigation() call here; cross-domain writes to
// this property appear to be stopped earlier by JSLocation::putDelegate.
// Confirm no other path reaches this setter.
void JSLocation::setHostname(ExecState* exec, JSValue value)
{
    Frame* frame = impl()->frame();
    ASSERT(frame);

    KURL url = frame->loader()->url();
    url.setHost(ustringToString(value.toString(exec)));

    const bool lockHistory = !frame->script()->anyPageIsProcessingUserGesture();
    navigateIfAllowed(exec, frame, url, lockHistory, false);
}
|
247 |
|
// Setter for location.port: parses the value as an integer and navigates to the
// frame's current URL with that port. A value outside 0..0xFFFF removes the
// port from the URL instead of setting it.
// NOTE(review): the parse result is used without a success flag, so how
// non-numeric input is treated depends on what charactersToInt returns for it.
// NOTE(review): no shouldAllowNavigation() call here; cross-domain writes to
// this property appear to be stopped earlier by JSLocation::putDelegate.
void JSLocation::setPort(ExecState* exec, JSValue value)
{
    Frame* frame = impl()->frame();
    ASSERT(frame);

    KURL url = frame->loader()->url();
    // FIXME: Could make this a little less ugly if String provided a toUnsignedShort function.
    const UString& portString = value.toString(exec);
    int parsedPort = charactersToInt(portString.data(), portString.size());
    if (parsedPort >= 0 && parsedPort <= 0xFFFF)
        url.setPort(parsedPort);
    else
        url.removePort();

    const bool lockHistory = !frame->script()->anyPageIsProcessingUserGesture();
    navigateIfAllowed(exec, frame, url, lockHistory, false);
}
|
264 |
|
// Setter for location.pathname: replaces the path of the frame's current URL
// and navigates to the result.
// NOTE(review): no shouldAllowNavigation() call here; cross-domain writes to
// this property appear to be stopped earlier by JSLocation::putDelegate.
// Confirm no other path reaches this setter.
void JSLocation::setPathname(ExecState* exec, JSValue value)
{
    Frame* frame = impl()->frame();
    ASSERT(frame);

    KURL url = frame->loader()->url();
    url.setPath(ustringToString(value.toString(exec)));

    const bool lockHistory = !frame->script()->anyPageIsProcessingUserGesture();
    navigateIfAllowed(exec, frame, url, lockHistory, false);
}
|
275 |
|
// Setter for location.search: replaces the query of the frame's current URL
// and navigates to the result.
// NOTE(review): no shouldAllowNavigation() call here; cross-domain writes to
// this property appear to be stopped earlier by JSLocation::putDelegate.
// Confirm no other path reaches this setter.
void JSLocation::setSearch(ExecState* exec, JSValue value)
{
    Frame* frame = impl()->frame();
    ASSERT(frame);

    KURL url = frame->loader()->url();
    url.setQuery(ustringToString(value.toString(exec)));

    const bool lockHistory = !frame->script()->anyPageIsProcessingUserGesture();
    navigateIfAllowed(exec, frame, url, lockHistory, false);
}
|
286 |
|
// Setter for location.hash: strips one leading '#' from the value and, when the
// fragment actually changes, navigates to the frame's current URL with the new
// fragment. An unchanged fragment (compared ignoring null vs. empty) is a no-op.
// NOTE(review): no shouldAllowNavigation() call here; cross-domain writes to
// this property appear to be stopped earlier by JSLocation::putDelegate.
void JSLocation::setHash(ExecState* exec, JSValue value)
{
    Frame* frame = impl()->frame();
    ASSERT(frame);

    KURL url = frame->loader()->url();
    String currentFragment = url.fragmentIdentifier();
    String requestedFragment = ustringToString(value.toString(exec));
    if (requestedFragment.startsWith("#"))
        requestedFragment = requestedFragment.substring(1);
    if (equalIgnoringNullity(currentFragment, requestedFragment))
        return;
    url.setFragmentIdentifier(requestedFragment);

    const bool lockHistory = !frame->script()->anyPageIsProcessingUserGesture();
    navigateIfAllowed(exec, frame, url, lockHistory, false);
}
|
303 |
|
// location.replace(url): one of the functions reachable cross-domain (see
// getOwnPropertySlotDelegate). Completes the first argument into a URL and
// navigates with both history and back/forward list locked. Does nothing when
// there is no frame, the URL is null, or shouldAllowNavigation() refuses.
// Always returns undefined, so the caller cannot tell whether it navigated.
JSValue JSLocation::replace(ExecState* exec)
{
    Frame* frame = impl()->frame();
    if (!frame)
        return jsUndefined();

    KURL url = completeURL(exec, ustringToString(exec->argument(0).toString(exec)));
    if (url.isNull() || !shouldAllowNavigation(exec, frame))
        return jsUndefined();

    navigateIfAllowed(exec, frame, url, true, true);
    return jsUndefined();
}
|
320 |
|
// location.reload(): although the function object is handed out cross-domain,
// calling it does nothing unless the caller passes the access check for the
// frame. A frame whose current URL is a javascript: URL is never refreshed.
// Always returns undefined.
JSValue JSLocation::reload(ExecState* exec)
{
    Frame* frame = impl()->frame();
    if (!frame)
        return jsUndefined();
    if (!allowsAccessFromFrame(exec, frame))
        return jsUndefined();

    if (protocolIsJavaScript(frame->loader()->url()))
        return jsUndefined();

    frame->redirectScheduler()->scheduleRefresh(processingUserGesture(exec));
    return jsUndefined();
}
|
331 |
|
// location.assign(url): one of the functions reachable cross-domain (see
// getOwnPropertySlotDelegate). Completes the first argument into a URL and
// navigates to it. Does nothing when there is no frame, the URL is null, or
// shouldAllowNavigation() refuses. Always returns undefined.
JSValue JSLocation::assign(ExecState* exec)
{
    Frame* frame = impl()->frame();
    if (!frame)
        return jsUndefined();

    KURL url = completeURL(exec, ustringToString(exec->argument(0).toString(exec)));
    if (url.isNull() || !shouldAllowNavigation(exec, frame))
        return jsUndefined();

    // We want a new history item if this JS was called via a user gesture
    const bool lockHistory = !frame->script()->anyPageIsProcessingUserGesture();
    navigateIfAllowed(exec, frame, url, lockHistory, false);
    return jsUndefined();
}
|
349 |
|
// location.toString(): returns the string form of the Location only to callers
// that pass the access check; with no frame or a denied caller the result is
// undefined, so the URL is not disclosed across domains.
JSValue JSLocation::toString(ExecState* exec)
{
    Frame* frame = impl()->frame();
    if (frame && allowsAccessFromFrame(exec, frame))
        return jsString(exec, impl()->toString());

    return jsUndefined();
}
|
358 |
|
// Write gate for the Location prototype: returns true for toString and valueOf
// and false for every other name. No value is stored here; the value and slot
// parameters are unused. Presumably true means "handled", which would make
// writes to those two names no-ops, as in JSLocation::putDelegate.
bool JSLocationPrototype::putDelegate(ExecState* exec, const Identifier& propertyName, JSValue, PutPropertySlot&)
{
    if (propertyName == exec->propertyNames().toString)
        return true;
    if (propertyName == exec->propertyNames().valueOf)
        return true;
    return false;
}
|
363 |
|
// Installs a getter on the Location prototype unless the name is toString or
// valueOf; requests for those two names are silently dropped so script cannot
// override them through the prototype either.
void JSLocationPrototype::defineGetter(ExecState* exec, const Identifier& propertyName, JSObject* getterFunction, unsigned attributes)
{
    const bool isProtectedName = propertyName == exec->propertyNames().toString
        || propertyName == exec->propertyNames().valueOf;
    if (!isProtectedName)
        Base::defineGetter(exec, propertyName, getterFunction, attributes);
}
|
370 |
|
371 } // namespace WebCore |